Feds Issue Guidelines on Threat Intelligence Sharing

The Justice Department and the Federal Trade Commission have issued guidelines for organizations regarding the sharing of security threat intelligence after concerns had arisen that such information exchanges may have resulted in violations of antitrust laws designed to thwart the divulging of certain competitive information like product pricing and business development plans.

“Some companies have told us that concerns about antitrust liability has been a barrier to being able to openly share cyber threat information with each other. We have heard them,” Deputy Attorney General James Cole said.

Many have advocated for expanded threat and vulnerability intelligence sharing between key government agencies like the NSA, FBI, DHS and the CIA, as well as with the private sector and allied nations. The guidelines issued by the DOJ and FTC are focused on the sharing of such intelligence directly between corporations, which opens the door to the formation of sector specific Information Sharing and Analysis Centers, or ISACs.

“Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems,” said Bill Baer, assistant attorney general at the DOJ’s antitrust division.

Non-profit threat sharing organizations already exist for several industry verticals, like the ICS-ISAC Knowledge Sharing Center which was established to help critical infrastructure facilities develop situational awareness in support of local, national and international security.

“This guidance responds to those concerns, lets everyone know that antitrust concerns should not get in the way of sharing cybersecurity information, and signals our continued commitment to expanding the sharing of cybersecurity information,” Cole said.

While the guidelines are a step in the right direction, much needs to still be accomplished in the way of the passage of legislation by congress to remove barriers to threat intelligence sharing.

“We have to work with industry, because we can’t see it. Right now what happens is the attack goes on and we’re brought in after the fact. And I can guarantee you 100 percent of the time we cannot stop an attack after the fact. That legislation that we’re pushing for is absolutely important for our country,” outgoing NSA chief General Keith Alexander said last year.